Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: paulie_w on February 15, 2013, 09:16:16 AM



Title: is it dangerous to not use tor with bitcoin?
Post by: paulie_w on February 15, 2013, 09:16:16 AM
i was thinking:

if i have a large wallet, and i am using my normal ip address, doesn't that put me at risk of someone actually finding my physical location and sending thugs over to take it?

shouldn't the bitcoin devs be encouraging tor use?


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: mintymark on February 15, 2013, 09:39:39 AM
Interesting idea.

I am not sure it's very easy to find your actual address from an IP address, but given unfortunate circumstances, interception of email, etc. it can certainly be done - after all you give your address each time you order something.

I think the thing that makes this unlikely is that the 'thugs' do not actually know where you store your bitcoins. If you are sensible, you will have moved most of them to paper wallets and so they may not even be 'at your address'.

I did wonder if electronic thugs might be sent, but as I run Linux I worry less about this than I might otherwise. But I worried about this and then moved most of my coins to a paper wallet.

Really, I think paper wallets are the answer. Just remember that there is no button to recover the password. (I mean private key.) If your house burns down and you lose them, they are lost!!



Title: Re: is it dangerous to not use tor with bitcoin?
Post by: paulie_w on February 15, 2013, 10:02:36 AM
i think almost no one will do this (paper wallets)

which means: if i know your ip address, i just come to your house with a gun and force you to transfer them into a wallet (or kidnap your kids, etc).

we should talk about this more seriously as the market cap increases. it seems to me that tor should almost be mandatory, as well as the clients encouraging you to diversify your wallets into smaller wallets (and making this process easier)


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: paulie_w on February 15, 2013, 10:04:34 AM
Quote
Interesting idea.

I am not sure it's very easy to find your actual address from an IP address, but given unfortunate circumstances, interception of email, etc. it can certainly be done - after all you give your address each time you order something.

I think the thing that makes this unlikely is that the 'thugs' do not actually know where you store your bitcoins. If you are sensible, you will have moved most of them to paper wallets and so they may not even be 'at your address'.

also, with ipv6, doesn't it make them even more traceable-right-to-you?


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: DannyHamilton on February 15, 2013, 10:38:41 AM
The general recommendation is to use a new bitcoin address for every transaction.  If you do this, how are the thugs going to know what your bitcoin addresses are or how much bitcoin you have?

As a general rule, if you are telling people who you are and what your bitcoin addresses are, then Tor isn't going to help you.  If you are not telling people who you are and what your bitcoin addresses are, then the only thing they will determine if you are not on Tor is whether or not you are running a Bitcoin client. They won't know your addresses or bitcoin balance.

More specifically, at the moment there is an exploit that can be leveraged against the current Bitcoin-Qt client that can determine if a bitcoin client is likely to have a particular private key.  This needs to be addressed in the client itself in a future release.  In the meantime, if this is a concern you have multiple options:

  • Connect your bitcoin client to the bitcoin network via Tor
  • Run 2 bitcoin wallets.  The first one has none of your addresses and connects to the bitcoin network, and the second has your addresses and connects ONLY to your first client.
  • Store most of your bitcoins offline (paper wallet, USB drive, other removable media, etc)


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: mintymark on February 15, 2013, 10:40:47 AM
If you do not use paper wallets, really you are very foolish.

You back up your computer, of course. +1 for that.

But here's the thing, people can get to your computer. It's connected to the internet. There are already viruses that track network traffic, keylog, and yes deliberately steal Bitcoin wallets.

It's already happened. Why should it not happen to you? So you are careful. Me too. Some of the people who have lost stuff in this way were careful too. Most not. It helps to be careful.

But the security of a carefully prepared paper wallet or many of them, is much more than a computer.  Having worked for an AV firm, we used to say that nothing beats physical locks. It's very true. A good hacker can get in most places given time and motivation.

Anyone with any significant wallet should put it in paper wallets. Many of them. That's my view.


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: paulie_w on February 15, 2013, 11:00:18 AM
Quote
If you do not use paper wallets, really you are very foolish.

You back up your computer, of course. +1 for that.

But here's the thing, people can get to your computer. It's connected to the internet. There are already viruses that track network traffic, keylog, and yes deliberately steal Bitcoin wallets.

It's already happened. Why should it not happen to you? So you are careful. Me too. Some of the people who have lost stuff in this way were careful too. Most not. It helps to be careful.

But the security of a carefully prepared paper wallet or many of them, is much more than a computer.  Having worked for an AV firm, we used to say that nothing beats physical locks. It's very true. A good hacker can get in most places given time and motivation.

Anyone with any significant wallet should put it in paper wallets. Many of them. That's my view.

how do paper wallets protect you if someone knows that you have them?


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: DannyHamilton on February 15, 2013, 11:06:41 AM
Quote
- SNIP -
how do paper wallets protect you if someone knows that you have them?

Well, the smart thing to do would be to not tell anyone that you have the paper wallets (or at least only tell those who you trust with access, such as a spouse).

If you are going to make it known that you have paper wallets (as mintymark has now done), the next step would be to not tell anyone how many paper wallets you have, how much bitcoin is stored on each, and where they are located.


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: mintymark on February 15, 2013, 11:08:41 AM
Of course *any* store of value can be taken by force. That does not change.

But it's about plausible deniability. The papers do not have to be here in the house. They may be in a bank vault, a friend's house, etc. And when they march you to the bank and say open the vault, (whether they are or not) you *may* have a chance to get assistance.  They may be inaccessible to you because you have given them to someone else or to a lawyer. Or they may not exist anymore because you gambled them away one night in a game of poker in the local pub. You may have given them to your children, your mistress or your whore! You will get beaten up either way if you have thugs in your house, of course, and I hope that never happens but paper wallets can only help. And if you decide that the severity of the beating would be lessened by giving them some or all of it, just like casy, well you can do that.

So that's how.


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: mintymark on February 15, 2013, 11:11:41 AM
Damn! Danny you're right!!


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: ShadowOfHarbringer on February 15, 2013, 12:17:58 PM
Quote
If you do not use paper wallets, really you are very foolish.

Nah. Paper wallets suck hard.

- What if somebody steals the paper wallet from you? It is not encrypted.
- How is paper wallet better than microSD card which CAN be encrypted, so you can push it to the cloud, make multiple backups everywhere and you don't care if the backups get lost or stolen?

An encrypted Laptop which is used only as Bitcoin-safe is much better.
The laptop may even have a truecrypt invisible partition so you have plausible deniability in case a thug wants to take your coins from you.

You only connect the laptop to internet when you want to send coins. (You can use Armory offline wallet for that too)

Also for extra security, instead of synchronizing blockchain through running client normally, you can synchronize on a different computer and transfer the blockchain files through other means (SFTP, RSYNC).


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: DannyHamilton on February 15, 2013, 01:47:20 PM
Quote
- SNIP -
- What if somebody steals the paper wallet from you? It is not encrypted.

Why isn't it encrypted?  You can store an encrypted private key on paper.

Quote
- How is paper wallet better than microSD card which CAN be encrypted, so you can push it to the cloud, make multiple backups everywhere and you don't care if the backups get lost or stolen?

And a paper wallet can be uncrypted, pushed to multiple safes, and have multiple backups stored everywhere so you don't care if the backups get lost or stolen.

Quote
The laptop may even have a truecrypt invisible partition so you have plausible deniability in case a thug wants to take your coins from you.

Wouldn't a carefully encrypted and disguised piece of paper also give you plausible deniability?

Quote
Also for extra security, instead of synchronizing blockchain through running client normally, you can synchronize on a different computer and transfer the blockchain files through other means (SFTP, RSYNC).

Wouldn't it be better not to synchronize the blockchain at all?  I don't think you need it to spend bitcoin as long as you know the hash value of the outputs that have been sent to you.


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: Gavin Andresen on February 15, 2013, 02:00:43 PM
Quote
shouldn't the bitcoin devs be encouraging tor use?

I hereby encourage everybody to use tor.

But I think worrying about thugs getting your street address from your Internet service provider and then breaking into your house to try to coerce you into giving them your Bitcoins seems very unlikely.


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: jerfelix on February 15, 2013, 02:21:46 PM
Quote
shouldn't the bitcoin devs be encouraging tor use?

I hereby encourage everybody to use tor.

But I think worrying about thugs getting your street address from your Internet service provider and then breaking into your house to try to coerce you into giving them your Bitcoins seems very unlikely.

Gavin, you don't know what kind of neighborhood I live in.



http://epicdemotivational.com/wp-content/uploads/2011/01/so-demotivational-posters-dorks.jpg

Although I think I'd worry more about this sort of potential thief.

http://thedeetales.webs.com/love%20nerds.jpg


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: niko on February 15, 2013, 02:26:01 PM
This is a non-issue. In fact, several unrelated non-issues. First - the fact that somebody might find out where somebody else lives based on the ip address. This is not easy to do, even law enforcement needs a court order in most countries.
Second, the fact that somebody might find out where somebody else lives by gaining access to their personal computer and Web mail, with all the personal documents containing the address, etc. Note, this likely means access to their bank accounts and locally stored bitcoins (unless offline or paper wallets).
Third, the fact that somebody might find out the identity of a person controlling a particular bitcoin address with lots of coins, and then find out the address of that individual from public or semi-public records. Note, this has got nothing to do with IP address.

Now compare this whole mix of unrelated or loosely related issues with the fact that anyone wanting to steal something of value can simply (compared to the goatfuck above it is simple) steal a car, rob someone of their gold necklace, kidnap for ransom, or just break into a wealthy-looking home and hope for the best. Or start a bitcoin Ponzi scheme.

tl;dr - the OP is fear-mongering and spreading FUD. No offense, paulie.


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: DannyHamilton on February 15, 2013, 02:34:34 PM
Quote
shouldn't the bitcoin devs be encouraging tor use?
. . . worrying about thugs getting your street address from your Internet service provider and then breaking into your house to try to coerce you into giving them your Bitcoins seems very unlikely . . .

Thugs?

http://i814.photobucket.com/albums/zz61/BOSMAN-PICS/ChicagoMKOT.jpg


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: franky1 on February 15, 2013, 03:17:35 PM
paper wallets can be many forms..

EG i can have a paper wallet that is a poem in a book...

and the key is (for example but not reality) the 3rd word 7th word 26th word and a bunch of numbers for the brain wallet key.

so just having a book on my book shelf that is my paperwallet.

now try stealing my coins..

and for inheritance reasons if i die, just putting a statement for family to read in my Will as:

read my favourite book, word numbers ... .. ..  to receive your riches.

and basically if anyone does not know you well enough to know what you're talking about, doesn't really deserve your hard labours


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: paulie_w on February 15, 2013, 03:21:25 PM
Quote
This is a non-issue. In fact, several unrelated non-issues. First - the fact that somebody might find out where somebody else lives based on the ip address. This is not easy to do, even law enforcement needs a court order in most countries.
Second, the fact that somebody might find out where somebody else lives by gaining access to their personal computer and Web mail, with all the personal documents containing the address, etc. Note, this likely means access to their bank accounts and locally stored bitcoins (unless offline or paper wallets).
Third, the fact that somebody might find out the identity of a person controlling a particular bitcoin address with lots of coins, and then find out the address of that individual from public or semi-public records. Note, this has got nothing to do with IP address.

Now compare this whole mix of unrelated or loosely related issues with the fact that anyone wanting to steal something of value can simply (compared to the goatfuck above it is simple) steal a car, rob someone of their gold necklace, kidnap for ransom, or just break into a wealthy-looking home and hope for the best. Or start a bitcoin Ponzi scheme.

tl;dr - the OP is fear-mongering and spreading FUD. No offense, paulie.

none taken! but i don't think you're right.

it may not be likely that i will correlate an ip address to a home address in most cases, and i agree with gavin and you about this. but, it's not strictly impossible. and you guys should also maybe think about insiders in companies that _can_ get that information.

anyway i think gavin's statement advising bitcoin users to use tor is all that needs to be said for now.

-w


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: ArticMine on February 15, 2013, 03:50:01 PM
Quote
paper wallets can be many forms..

EG i can have a paper wallet that is a poem in a book...

and the key is (for example but not reality) the 3rd word 7th word 26th word and a bunch of numbers for the brain wallet key.

so just having a book on my book shelf that is my paperwallet.

now try stealing my coins..

and for inheritance reasons if i die, just putting a statement for family to read in my Will as:

read my favourite book, word numbers ... .. ..  to receive your riches.

and basically if anyone does not know you well enough to know what you're talking about, doesn't really deserve your hard labours

What if the house burns down during your funeral and your loved ones are left destitute because they cannot access your Bitcoins? 


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: BkkCoins on February 15, 2013, 04:12:05 PM
What IP address?

Your IP address is not stored in the blockchain and when your transaction gets relayed it's usually not your IP that gets recorded on sites like blockchain.info unless they happen to be connected to your node.

Maybe someone could run a client that records IP addresses but it can only record the IP of the clients that it connects to and transactions initiated by that node.

I run my bitcoin client on a server not at my house. I also use Electrum which runs off that server so any IP record would be from that location in Chicago (which is not even in the same country that I'm in).

It's probably pretty hit and miss to record accurate IP addresses for wallets/addresses and given that, isn't it just as likely someone would turn up at your door looking for someone else's wallet?


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: niko on February 15, 2013, 04:21:24 PM
Quote
it may not be likely that i will correlate an ip address to a home address in most cases, and i agree with gavin and you about this. but, it's not strictly impossible. and you guys should also maybe think about insiders in companies that _can_ get that information.

anyway i think gavin's statement advising bitcoin users to use tor is all that needs to be said for now.

-w

Agreed. As an added exercise for everyone, try determining physical location of private keys corresponding to any of these addresses:

13iH15i8CesFkNo64L9T58zXgSSngLu8kq, currently holding 1,953.999 coins
13wirvgFtjc28mmxWRLc7xKSH4cjR8VkdK, currently holding 1,100.002665 coins
1LCeofivDzcuH8S6AicScudbxC3AiVZA9X, currently holding 8,000 coins.

I assure you that even the CIA, with all their resources, would have a hard time doing this reliably. Hell, they might even send you to the embassy of China (https://en.wikipedia.org/wiki/U.S._bombing_of_the_Chinese_embassy_in_Belgrade) by mistake.


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: im3w1l on February 15, 2013, 04:42:07 PM
I would recommend a paper wallet together with a "k out of n" code. Such a code means that you make n papers, and to decrypt, you need to have at least k of them (any k of them). This means that a thief cannot get your money by stealing one paper, and also that you will not lose your money if you lose one paper.

This can probably not be done automatically at the moment though.


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: auzaar on February 15, 2013, 06:19:36 PM
What about using a heavily used VPN?


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: DannyHamilton on February 15, 2013, 06:59:31 PM
Far more people give up far more anonymity in the acquiring and spending of bitcoin than they ever do by failing to use Tor.  This conversation is much like standing in the shade under a coconut tree on the beach refusing to get in the ocean because you are afraid that you might be killed by a shark (http://www.unisci.com/stories/20022/0523024.htm).  Focusing so narrow-mindedly on revealing an IP address distracts from the more significant ways that people are giving up their anonymity without realizing it.  Get everyone out from under the coconut trees.  Once you've done that you can start trying to convince some of them to go for a swim.


Edit: Yes, I realize that it has never been officially confirmed that more people are killed by coconuts than sharks.  The point of the story is that people have a tendency to over-react to unlikely risks while under-reacting to more likely risks.  It happens all the time, not just with IP addresses and other identity revealing actions.


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: RodeoX on February 15, 2013, 07:05:41 PM
I don't fear thugs. If they come for me they will find out that I have a lot more real security in real life than I do on my computers.  8)


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: franky1 on February 15, 2013, 07:06:28 PM
Quote
paper wallets can be many forms..
EG i can have a paper wallet that is a poem in a book...
and the key is (for example but not reality) the 3rd word 7th word 26th word and a bunch of numbers for the brain wallet key.
so just having a book on my book shelf that is my paperwallet.
now try stealing my coins..
and for inheritance reasons if i die, just putting a statement for family to read in my Will as:
read my favourite book, word numbers ... .. ..  to receive your riches.
and basically if anyone does not know you well enough to know what you're talking about, doesn't really deserve your hard labours

What if the house burns down during your funeral and your loved ones are left destitute because they cannot access your Bitcoins?  

then they go to a book store, or a library read the poem again access the bitcoin address from someone's computer and transfer what they need.

the poem i used is not a poem i wrote. it's a widely available book. so thank you for proving that even when the house burns down the money is safe.

but if you mean what do they do in the couple weeks from the funeral until the reading of the will to receive their inheritance, well i never throw all my eggs into one basket. it's not like the family needs to ask me for a daily allowance upfront. and in my death they are left on the streets for a few weeks. the reality is that they can still afford hotel rooms for, well, a few weeks using their own wages, etc. but if they want their inheritance they have to wait for the reading of the Will before buying their porsches and mansions :D


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: ShadowOfHarbringer on February 15, 2013, 07:50:42 PM
Quote
- SNIP -
- What if somebody steals the paper wallet from you? It is not encrypted.
Why isn't it encrypted?  You can store an encrypted private key on paper.

...which will unfortunately take much more space than microSD card if the encryption is to be done properly (the paper cannot be too small or the print will become unreadable with time).

Quote
- How is paper wallet better than microSD card which CAN be encrypted, so you can push it to the cloud, make multiple backups everywhere and you don't care if the backups get lost or stolen?
And a paper wallet can be uncrypted, pushed to multiple safes, and have multiple backups stored everywhere so you don't care if the backups get lost or stolen.

Yes, you do care. A microSD card can be encrypted in a way that nobody even KNOWS whether it **CONTAINS ANYTHING**. And it is easy, just truecrypt + 5-line bash script.
Try doing that with paper wallet. Good luck.

Quote
The laptop may even have a truecrypt invisible partition so you have plausible deniability in case a thug wants to take your coins from you.
Wouldn't a carefully encrypted and disguised piece of paper also give you plausible deniability?

You cannot disguise paper wallet as well as you can disguise microSD card.
MicroSD card can be encrypted in a way that it will be impossible to tell if it contains anything.

Quote
Also for extra security, instead of synchronizing blockchain through running client normally, you can synchronize on a different computer and transfer the blockchain files through other means (SFTP, RSYNC).
Wouldn't it be better not to synchronize the blockchain at all?  I don't think you need it to spend bitcoin as long as you know the hash value of the outputs that have been sent to you.

Armory allows this.


Title: Re: is it dangerous to not use tor with bitcoin?
Post by: Timo Y on February 19, 2013, 03:14:24 PM
Quote
Now compare this whole mix of unrelated or loosely related issues with the fact that anyone wanting to steal something of value can simply (compared to the goatfuck above it is simple) steal a car,

Stolen cars are difficult to hide, risky to transport, and must be dismantled by a trained mechanic before they can be sold as spare parts.

Quote
rob someone of their gold necklace,

Not a lot of people walk around with necklaces worth $10 Million, and the few who do are usually in the company of bodyguards.

Quote
kidnap for ransom,

Kidnapping for ransom is a high-risk operation that often ends badly for the kidnapper.  Express kidnapping isn't, which is why it's so common in some Latin American countries.  A bitcoin owner is the ideal victim for express kidnappings.

Quote
or just break into a wealthy-looking home and hope for the best.

That's why wealthy people don't keep kilograms of gold bars inside their home.


I agree that right now, it's a bit premature to worry about violent gangs coming after your bitcoins.  However, if bitcoin ever reaches prices of $1000+, the concerns of the OP are valid. Bitcoins are easier to steal than cars or jewellery, even if stored physically.

Simple offline wallets alone won't be secure enough.  Additional features, such as multiple signatories and mandatory lock times for withdrawals will be required. 

see:

https://en.bitcoin.it/wiki/Contracts